8231365: ServicePermission::equals doesn't comply to the spec
8231196: DelegationPermission allows to create an instance that thows NPE on ::equals call
Reviewed-by: mullan
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java Tue Oct 29 09:34:21 2019 +0800
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java Tue Oct 29 09:34:23 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,8 @@
* @param principals the name of the subordinate and target principals
*
* @throws NullPointerException if {@code principals} is {@code null}.
- * @throws IllegalArgumentException if {@code principals} is empty.
+ * @throws IllegalArgumentException if {@code principals} is empty,
+ * or does not contain a pair of principals, or is improperly quoted
*/
public DelegationPermission(String principals) {
super(principals);
@@ -94,7 +95,8 @@
* @param actions should be null.
*
* @throws NullPointerException if {@code principals} is {@code null}.
- * @throws IllegalArgumentException if {@code principals} is empty.
+ * @throws IllegalArgumentException if {@code principals} is empty,
+ * or does not contain a pair of principals, or is improperly quoted
*/
public DelegationPermission(String principals, String actions) {
super(principals, actions);
@@ -116,14 +118,19 @@
} else {
t = new StringTokenizer(target, "\"", false);
subordinate = t.nextToken();
- if (t.countTokens() == 2) {
- t.nextToken(); // bypass whitespace
- service = t.nextToken();
- } else if (t.countTokens() > 0) {
- throw new IllegalArgumentException
- ("service principal [" + t.nextToken() +
- "] syntax invalid: " +
- "improperly quoted");
+ switch (t.countTokens()) {
+ case 2:
+ t.nextToken(); // bypass whitespace
+ service = t.nextToken();
+ break;
+ case 0:
+ throw new IllegalArgumentException
+ ("service principal not provided");
+ default:
+ throw new IllegalArgumentException
+ ("service principal [" + t.nextToken() +
+ "] syntax invalid: " +
+ "improperly quoted");
}
}
}
--- a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java Tue Oct 29 09:34:21 2019 +0800
+++ b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java Tue Oct 29 09:34:23 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
return false;
ServicePermission that = (ServicePermission) obj;
- return ((this.mask & that.mask) == that.mask) &&
+ return (this.mask == that.mask) &&
this.getName().equals(that.getName());
--- a/test/jdk/javax/security/auth/kerberos/DelegationPermissionHash.java Tue Oct 29 09:34:21 2019 +0800
+++ b/test/jdk/javax/security/auth/kerberos/DelegationPermissionHash.java Tue Oct 29 09:34:23 2019 +0800
@@ -4,9 +4,7 @@
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
+ * published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/auth/kerberos/DelegationPermissionInit.java Tue Oct 29 09:34:23 2019 +0800
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.security.auth.kerberos.DelegationPermission;
+
+/*
+ * @test
+ * @bug 8231196
+ * @summary DelegationPermission allows to create an instance that thows NPE on ::equals call
+ * @run main/fail DelegationPermissionInit
+ */
+public class DelegationPermissionInit {
+ public static void main(String[] args) {
+ new DelegationPermission("\"user@REALM\"");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/auth/kerberos/ServicePermissionEquals.java Tue Oct 29 09:34:23 2019 +0800
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8231365
+ * @library /test/lib
+ * @summary ServicePermission::equals doesn't comply to the spec
+ */
+
+import jdk.test.lib.Asserts;
+
+import javax.security.auth.kerberos.ServicePermission;
+
+public class ServicePermissionEquals {
+ public static void main(String[] args) throws Exception {
+ ServicePermission p1 = new ServicePermission("user@REALM", "initiate");
+ ServicePermission p2 = new ServicePermission("user@REALM", "accept");
+ ServicePermission p3 = new ServicePermission("user@REALM", "initiate,accept");
+
+ Asserts.assertNotEquals(p1.hashCode(), p2.hashCode());
+ Asserts.assertNotEquals(p1.hashCode(), p3.hashCode());
+ Asserts.assertNotEquals(p3.hashCode(), p2.hashCode());
+
+ Asserts.assertFalse(p1.equals(p2));
+ Asserts.assertFalse(p1.equals(p3));
+ Asserts.assertFalse(p3.equals(p2));
+ }
+}